REMARKS 

The final Office Action dated November 10, 2004 ("Office Action") rejected all the 
pending claims of the instant application. Independent Claim 16 and dependent Claim 17 stand 
rejected under 35 U.S.C. § 102(b) as being anticipated by Spies et al., U.S. Patent No. 5,689,565. 
In addition, independent Claim 1 and dependent Claims 2-7 and 12-15 stand rejected under 
35 U.S.C. § 103(a) as being unpatentable over Shrader et al., U.S. Patent No. 6,374,359, in view 
of Quimby, U.S. Patent No. 5,367,573, and further in view of Hardy et al., U.S. Patent 
No. 5,623,546. Additionally, Claims 8-11 stand rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Shrader et al., as modified by Quimby and Hardy et al., and further in view of 
Becker et al., U.S. Patent No. 6,557,038. This Response sets forth arguments as to why applicant 
believes that the Office's position with respect to the pending claims is incorrect and should be 
withdrawn. 

In order to assist the Office in further understanding the exemplary embodiments of the 
present invention, the Applicant provides below a summary of the invention, which relates to the 
various exemplary embodiments of the present invention. This summary supplements the 
summary of the invention included with Applicant's Amendment, filed June 15, 2004 . 

It is to be understood that the following summary of the various exemplary embodiments 
does not define the scope and/or interpretation of any of the claims of this application. Instead, 
the summary is provided to help the Office better appreciate claim distinctions discussed 
hereinafter. 

Summary of the Invention 

Generally, an exemplary embodiment of the present invention relates to a method and 
apparatus for encoding and storing storage data that minimizes the amount of data transferred 
between a client computer and a server computer, while at the same time maximizing the amount 
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of configuration information transferred. An exemplary embodiment of the present invention 
makes use of encoding and storing session data in an encoded and encrypted session cookie in 
order to maximize the amount of configuration information transferred. In particular, an 
exemplary embodiment of the present invention provides a server computer that encodes session 
data into a session cookie in a tag-length-value format. 

The tag-length-value format encodes data by providing a tag identifying the semantic 
information that a value represents, the length of the value, and then the value itself. Once the 
data has been encoded in the tag-length-value format, the server computer encrypts the encoded 
session data using the modified encryption key. The modified encryption key may be formatted 
by inserting a secret, such as the user's password or e-mail address, into a standard encryption 
key at a predefined location. The session cookie is then formed by concatenating the length of a 
length of the secret, the length of the secret, the secret itself, and the encoded and encrypted 
session data. The session cookie is then transmitted from the server computer to a client 
computer, where it is stored. 

Figures 4 and 5 of the instant application provide an illustrative data structure according 
to an exemplary embodiment of the present invention. As is illustrated, an encoded 
configuration data 310 includes at least a tag 400, a data length 406, and a value 408. The 
Figures further illustrate that the tag 400 is defined by a separate data length identifier 402 and a 
data type identifier 404. In one exemplary embodiment, the data length identifier includes an 
extended tag type value 405. 

The specific structure of the exemplary embodiment illustrated in Figures 4 and 5 is very 
advantageous, inasmuch as tags associated with other configuration data may be accounted for 
by way of the data length identifier 402, and in particular the extended tag type value 405. A 
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detailed discussion of the foregoing may be found on pages 15 and 16 of the specification of the 
instant application. 

Claim Rejection Under 35 U.S.C. g 102(b) 

Claims 16 and 17 stand rejected under 35 U.S.C. § 102(b) as being anticipated by Spies 
et al. For the reasons discussed below, Applicant respectfully submits that the relied upon patent 
document fails to teach or suggest the recitation of independent Claim 16. Moreover, applicant 
respectfully submits that the relied upon document is similarly deficient with respect to the 
rejected dependent claim. Additionally, applicant respectfully submits that the dependent claim 
is allowable at least due to its dependence upon an allowable independent claim. 
Rejection of Independent Claim 16 

Independent Claim 16 sets forth a combination of limitations including "a first data field 
containing data representing a data length identifier and a tag type." (Emphasis added.) Clearly, 
from the indicated limitation of Claim 16, the "first data field" includes both " a data length 
identifier " and " a tag type ." For the following reasons, the patent relied upon by the Office fails 
to teach or suggest at least this indicated limitation of independent Claim 16. 

Spies et al. teach a cryptography system and method for providing cryptographic services 
for a computer application. According to Spies et al., and as illustrated in Figure 9 of the patent, 
a communication data structure may include a data structure 140 used to carry a package that is 
exchanged between participants, or between a participant and a trusted authority. (See Col. 15, 
lines 62-65.) The tag-length- value (TLV) data structure 140 consists of three parts: an identifier 
field 142 (which is also known as the "tag"), a length field 144, and a value field 146V 
(Emphasis added.) (See Col. 16, lines 4-6.) 

According to the patent, the identifier field or tag 142 is a fixed-sized field that defines or 
identifies the commensurate data contained in the package. The length field 144 is a variable- 
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sized field that contains the length of the commensurate data contained in the package. The 
length field 144 is preferably an exact byte count of the data contained in a value field 146. As is 
disclosed by the patent, the three specific fields 142, 144, and 146 are those that are included in 
the data structure 140. Moreover, the patent document indicates that gnlyt these fields 142, 144, 
and 146 make up the data structure 140. In particular, Spies etal. indicates that the "data 
structure 140 consists " of the three indicated fields. (See Col. 16, line 4.) 

As is understood by the discussed portion of the Spies et al. patent, the data structure 140 
does not include a field that contains data representing "a data length identifier and a tag type." 
The identifier field 142 of the data structure 140 relates to the commensurate data contained in 
the package. This commensurate data does not relate to data that is designed to identify "a tag 
type." Moreover, the various fields 142, 144, and 146 of the data structure 140 are not 
individually capable of containing data that identifies two distinct data types. In contrast, the 
first data field set forth in independent Claim 16 includes "data representing the data length 
identifier mid a tag type." (Emphasis added.) 

The "Response to Arguments" section of the current Office Action states that the 
applicant's arguments with respect to Claims 16 and 17 are unpersuasive. In particular, the 
Office states that "[t]he claim never states the data structure is required to carry two distinct data 
types." Furthermore, the Office states that "the definition of TLV (tag-length-value) states that 
the tag defines the type of data contained, the length consists of the total length of the tag, length, 
and value, and the value contains the value to be transmitted. One TLV data structure can 
contain one type of data, while another TLV data structure can contain a different type of data." 

The foregoing statements by the Office indicate a lack of understanding of that which is 
set forth in independent Claim 16. Returning once again to the disclosure of Spies et al., as is 
illustrated in Figure 9 of the patent, a data structure 140 includes the identifier field 142 (tag), the 
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length field 144, and the value field 146. The emphasis here must be what is contained in the 
identifier field 142 (tag). According to Spies et al., the identifier field 142 is a fixed-size field 
(e.g., 32 bit) that defines or identifies the commensurate data contained in the package. Nothing 
further is discussed in relation to the identifier field 142 (tag) . Turning now to recitation of 
independent Claim 16, the claim requires "a first data field containing data representing a data 
length identifier and a tag type." (Emphasis added.) As was discussed earlier in this document, 
clearly the "first data field" includes data that has two parts: "a data length identifier and a tag 
type." There is nothing in the Spies et al. patent document that would indicate that the identifier 
field 142 (tag) is capable of including the defined structure as that set forth in independent 
Claim 16. 

With regard to rejection of dependent Claim 17, applicant respectfully submits that this 
claim is allowable at least due to its dependence upon an allowable independent claim. 
Moreover, applicant respectfully submits that this claim sets forth recitation that further defines 
the present invention over the patent document relied upon by the Examiner. 

In view of the above comments, Applicant respectfully requests reconsideration and 
withdrawal of the claim rejection under 35 U.S.C. § 102(b). 
Claim Rejections Under 35 U.S.C. § 103(a) 

Claims 1-7 and 12-15 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Shrader et al., U.S. Patent No. 6,374,359, in view of Quimby, U.S. Patent No. 5,367,573, and 
further in view of Hardy etal, U.S. Patent No. 5,623,546. Additionally, Claims 8-11 stand 
rejected under 35 U.S.C. § 103(a) as being unpatentable over Shrader etal. as modified by 
Quimby and Hardy et al., and further in view of Becker et al., U.S. Patent No. 6,557,038. For 
the following reasons, Applicant respectfully submits that these documents, whether standing 
alone or in combination, fail to teach or suggest the recitation of independent Claim 1. 
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Moreover, applicant respectfully submits that these documents are similarly deficient with 
respect to the dependent claims of the instant application. In addition, Applicant respectfully 
submits that the dependent claims are allowable at least due to the dependence upon an allowable 
independent claim. 

Independent Claim 1 sets forth a combination of limitations including "concatenating a 
secret, a length of the secret, and a length of the secret with said encrypted coded configuration 
data to form a session cookie." For the following reasons, the documents relied upon by the 
Office, whether taken alone or in combination, fail to teach or suggest at least this indicated 
limitation of independent Claim L 

Shrader et al. teaches the dynamic use and validation of HTTP cookies for authentication. 
According to Shrader et al., a cookie value routine 42 is initiated when a server-driven graphical 
user interface verifies a username and a password sent to thereto from a login panel of a user's 
web browser. The cookie value routine 42 constructs a cookie value that includes a username, 
password, and BP address. (See Col. 7, lines 16-21.) 

Initially, applicant would like to point out that the current Office Action was made final 
prematurely . The Office is respectfully reminded that if the Examiner issues a new rejection, 
then an Office Action that includes such a new rejection may not be made final. See 37 C.F.R. 
§ 1.113; M.P.E.P. § 706.07. In the Office Action dated March 23, 2004, on page 4 thereof, the 
Office recognized that Schrader et al. fails to teach or suggest "concatenating a secret, a length of 
the secret, and the length of the secret with said encrypted coded configuration data to form a 
session cookie." (Emphasis added; see Claim 1.) More specifically, the Office indicates that 
M [t]he act of supplying the length of the length of a field only adds more validation, therefore the 
extra validation fields are obvious." In the applicant's Amendment filed June 15, 2004, the 
propriety of an obviousness rejection, including such an unsupported statement, was raised. 
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In response to the traversal of the rejection, the Office has modified the rejection of 
Claims 1-7 and 12-15 under 35 U.S.C. § 103(a). The change in the rejection was not 
necessitated by an amendment to the claims by the Applicant. Instead, perhaps recognizing the 
deficiency of the rejection under 35 U.S.C. § 103(a), the Office modified the rejection in order to 
attempt to set forth a more substantiated line of reasoning. It is the Applicant's position that this 
is only permissible if the Office Action, including the modified rejection, is made non- final. 
Accordingly, Applicant respectfully requests withdrawal of the finality of the current Office 
Action . 

The modified rejection of Claims 1-7 and 12-15 under 35 U.S.C. § 103(a) now states that 
Schrader et al. teaches "[concatenating a secret, a length of the secret, and the length of the 
length of the secret with said encrypted encoded configuration data to form a session cookie 
(Col. 7, lines 16-21, see response to arguments below)." (See page 3 of current Office Action.) 
In the response to the arguments, found on page 12 of the current Office Action, the Office states 
that "[t]he length field would then also be dynamic in size, so a length of the length field, which 
is static, could describe the length field, which then describes the cookie data." This revised 
reasoning is still insufficient reasoning to substantiate a rejection under 35 U.S.C. § 103(a). 

The Office is respectfully reminded that in order to set forth a proper rejection under 
35 U.S.C. § 103(a), each and every element taught by the claim being rejected must be taught by 
the reference, or the combination of references, being relied upon. If a combination of references 
is used, the Office must supply reasonable motivation for combining the references. This 
motivation must come from the references themselves, or may also be based on the expertise of 
those having ordinary skill in the art. Applicant respectfully submits that the above-indicated 
conclusionary statement by the Office does not satisfy the rigorous standards required for 
substantiating a rejection under 35 U.S.C. § 103(a). 
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In the revised rejection under 35 U.S.C. § 103(a), the Office states that the teachings of 
Schrader et al. "could" teach a certain limitation set forth in rejected independent Claim 1. (See 
page 12, last sentence of first paragraph of current Office Action.) Once again, Applicant argues 
that this is insufficient to support a proper rejection under 35 U.S.C. § 103(a). In particular, an 
invention is not obvious where an Examiner fails to provide suggestion even if prior art "could" 
have been combined. In the case of In re Fritch, the Federal Circuit stated that this type of 
conclusionary statement is merely "hindsight reconstruction" that is insufficient and improper 
reasoning for supporting an obviousness rejection. 

Because the additional patent documents have not been relied upon in the Office Action 
to make up for the indicated deficiencies of Shrader et al., the specifics of these documents have 
not been discussed herein. However, from even a cursory review of the additional patent 
documents relied upon, it is clear that the disclosures therein do not make up for the deficiencies 
discussed in relation to Shrader et al. 

Therefore, because Shrader et al. fail to teach or suggest at least "concatenating a secret, a 
length of the secret, and a length of the length of the secret with said encrypted coded 
configuration data to form a session cookie," and the supplemental documents relied upon do not 
make up for this deficiency of Shrader et al., a proper rejection under 35 U.S.C. § 103(a) has not 
been presented by the Office. Moreover, even assuming arguendo that all the elements are 
taught by the combination of references relied upon by the Office, the rejection under 35 U.S.C. 
§ 103(a) is deficient, as the stringent requirements for establishing obviousness under the Statute 
have not been met. 

In accordance with the above, applicant respectfully requests reconsideration and 
withdrawal of the rejection of independent Claim 1, and those claims that are dependent thereon. 
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In view of the above comments, reconsideration and withdrawal of each of the claim 
rejections is respectfully requested. 

CONCLUSION 

In view of the foregoing remarks, Applicant respectfully submits that the present 
application is now in condition for allowance. Reconsideration and reexamination of this 
application, as amended, allowance of the rejected claims, and passage of the application to issue 
at an early date are respectfully solicited. If the Examiner has any questions or comments 
concerning this application, the Examiner is invited to contact the undersigned at the number 
below. 

Respectfully submitted, 

CHRISTENSEN O'CONNOR 
JOHNSON KINDNE S S PLLC 




Timothy R. Wyckoff 
Registered Patent Agent 
Registration No. 46,175 
Direct Dial No. 206.695.1641 

I hereby certify that this correspondence is being deposited with the U.S. Postal Service in a sealed 
envelope as first class mail with postage thereon fully prepaid and addressed to Mail Stop Amendment, 
Commissioner for Patents, P.O. Box 1450, Alexandria, VA 223 13-1450, on the below date. 

g/sbk/dmg 
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